With shared infrastructures, security must move with the data

As agencies shutter data centers and move toward more shared IT infrastructures, managers need to adopt a more data-centric approach to securing workloads, the deputy chief technology officer of the National Nuclear Security Administration told a Washington, D.C., audience recently.

“Shared infrastructure is something that takes very careful consideration when you want to co-locate workloads that are owned by different folks and stakeholders within your own organization,” said Anil Karmel, who has helped the Energy Department build a secure, cloud services brokerage technology, YourCloud, to connect a diverse set of users to a marketplace of cloud service providers.

“Really it comes back to security,” Karmel said, “which has to be baked in, not bolted on, at all the different layers of compute, network, storage, and the hypervisor.” IT administrators have to put a set of software-defined security controls around the information that has to be protected.

As a cloud broker, DOE/NNSA has enforced security rules irrespective of where a workload moves. “From a private on-premise cloud to a commercial cloud provider, the security rules move with it,” Karmel said. The security rules move across physical and virtual infrastructures, giving administrators a single place for enforcement of security controls across DOE and national laboratory environments.

Karmel spoke to an audience of government and industry representatives March 7 at Meritalk’s Data Center Brainstorm, which explored issues around data center consolidation and optimization connected with the federal government’s efforts to close 1,200 data centers by 2015.

The federal government reportedly has 3,133 data centers. Over the past two years, agencies have closed about 400 data centers, and are on track to close a total of 651 by the end of 2013, Bernard Mazer, chairman of the Federal Data Center Consolidation Initiative and CIO of the Interior Department, told the audience. The feds will close over 1,000 data centers by 2015, achieving $2.4 billion in cost savings and cost avoidance, he said.

The move to shared services is a slow, tasking process, but inevitable given the present budget realities, agency CIOs attending the Data Center Brainstorm said.

“It is bit of a slog getting to shared services,” said Mary Beth Lauderdale, program manager for the Federal Aviation Administration’s data center consolidation initiative. The FAA certainly has the ability to provide dedicated IT infrastructures to all of its constituents. But the reality of shrinking budgets has changed that way of thinking. Now, the task is getting business owners to think about getting services rather than their own dedicated private infrastructure that might be housed in a server room slated for closure, Lauderdale said.

The good news is that with the federal government’s focus on consolidation and shared services over the past few years, more agencies are involved and sharing lessons learned. The Government Accountability Office is sharing more of these lessons through its reports. So the FAA is “not feeling so isolated in these challenges and roadblocks,” she said.

“Shared infrastructure is kind of where things are going,” said Rory Schultz, deputy CIO of the Agriculture Department’s Food and Nutrition Services. In fact, the Treasury Department is hosting FNS’ personnel system. Schultz said that a former federal CIO once told him: “If you don’t have any money and any people, you have to be creative.”

“So, in a shared infrastructure you have to be creative, but you also have to be safe,” Schultz said.